Custom Rules are not working

  • versions used (SonarQube 7.6)
  • Description: I have deployed one custom rule in sonar and i have activated the same by creating one profile. I have imported one external issue and tried to analyze with one source code using scanner v3.3.0.1492. When i check the project issues in dashboard, external issues are working but the custom rule which i have deployed is not working.

May i know the reason why custom rule is not working along with external issues ?


We’re going to need detail on your rule before we can help you.



  • versions used (SonarQube 7.7)

My Custom Rule:- If the code consists of any “Http Session”, it will raise an issue with the error message.

Same rule is activated against a profile and when i run mvn sonar:sonar it is throwing the issue.

But, when i run the sonar-scanner, the custom rule which i have deployed into server is not working.


Again, a lot more detail is needed. For instance, are we talking about running these two different analysis commands against the same project or different projects?


Same project.

Whatever I am going to mention below is for same project,

When I run the sonar-scanner, It should raise the issue for the custom rule which i have developed for Http Session and activated against one profile. But It doesn’t.

I am using below sonar-properties file,

When i run sonar-scanner, it should raise all issues (custom rules + external issues).

But the external issues which i have mentioned in report.json file is working but the custom rule which is already deployed and activated with one profile is not working.

Finally, when i analyse the project using sonar-scanner, i am getting only external issues in the dashboard.

What I need is to get both external issues as well as custom rules deployed into sonar server when I run the sonar-scanner.


Okay, first, you should verify that the same profile is used in both analyses. sonar.profile is dropped in 7.7, but you’re on 7.6 and it’s possible your pom sets a profile property. If you’ve got two different profiles in play, one with and one without your rule then the problem is obvious.

But let’s assume you’ve crossed that off the list, the next question is your parameters. When you run a Maven analysis, your source and binary properties are going to be set precisely, not to just .. I don’t see why that would make a difference, but try setting them precisely.

Also, sonar.language has been deprecated for literally years (and finally removed in 7.7). It’s really not gaining you anything here, so I’d eliminate that just to reduce confusion. Along those lines, I don’t recognize sonar.issuesReport.json.enable. Where do you see it documented? And also, since we’re debugging a custom Java rule, it’s not likely to be doing you any good. I’d drop it for at least this test.

And if stepping through all those things still doesn’t get you the desired result, then you’re going to need to share some source code from your rule because diagnosing why a rule doesn’t work without the source is a bit like gazing into a crystal ball. :slight_smile:



Thanks for the response.

I have changed my sonarQube version to 7.7 Below is my src file for custom rule

Rule Class:-

@Rule(key = "*******", name = "Avoid Session Usage in the code", description = "**********", priority = Priority.MAJOR, tags = {
		"bug" })
public class AvoidHttpSessionRule extends IssuableSubscriptionVisitor {

	public List<Kind> nodesToVisit() {

		return ImmutableList.of(Tree.Kind.VARIABLE);

	public void visitNode(Tree tree) {

		VariableTree variableTree = (VariableTree) tree;

		if (variableTree.symbol().type().toString().equalsIgnoreCase("HttpSession"))

			reportIssue(tree, "Avoid Using HttpSession");


I have activated the same rule by creating one profile name custom for the language Java and made it as default profile.

I have placed the sonar-properties file in the project directory. I have some external issues mentioned in the file with key and value as sonar.externalIssuesReportPaths=*/report.json .

After running the sonar-scanner in the project location, i can see my project was registered with sonar server. When i open the issues tab I can see only external issues displaying in the dashboard. I am not able to the custom rule issue in the dashboard

hello @AnuragSanagapalli ,

can you share the sample of code where you expect to see the issue? Do you have the unit tests for your rule implementation as described in the tutorial ?

Thanks @saberduck

Issue solved.

you are welcome. Maybe you can consider sharing what was the issue and how you managed to solve it, so others from the community can benefit from it.

Hi @saberduck

In My Custom Rule I am doing one validation using variableTree mentioned below,

  1. variableTree.symbol().type().toString().equalsIgnoreCase(“HttpSession”) .

When I run the sonar-scanner I am not able to see any issues reported in the dashboard. But when I run the mvn sonar:sonar I am able to observe the issues in the dashboard.

  1. When I use variableTree.type().toString().equalsIgnoreCase(“HttpSession”) I am able to see the issues for sonar-scanner itself.

Both Validations are correct and populating the same output.

I don’t know what was the difference between those two validations. It will be helpful if I get any explanation regarding this.

I believe that the underlying reason for the difference would be the fact that using maven scanner will automatically configure property with the classpath of the project.
sonar-scanner doesn’t do this automatically, you would need to configure it manually.
For java projects it is preferable to use scanner for maven.